SIP Inspector Overview
Type | Inspector (service)
Usage | Inspect
Instance Type | Multiton
Other Inspectors Required |
Enabled |
The Session Initiation Protocol (SIP) manages the creation, modification, and teardown of real-time call sessions that include one or more participants. The applications that SIP can control include: internet telephony, multimedia conferencing, instant messaging, online gaming, and file transfer. The SIP protocol is a text-based, request and response protocol.
A SIP request includes a method field that identifies the purpose of the request, and a Request-URI which specifies where to send the request. A status code in each SIP response indicates the outcome of the requested action.
The SIP protocol uses TCP (port 5060) or UDP (port 5061).
After SIP creates a call session, SIP can transmit audio and video streams over the real-time transport protocol (RTP). The SIP message body embeds the data-channel parameter negotiation, session announcement, and session invitation in the Session Description Protocol (SDP) format.
The sip inspector detects and analyzes SIP messages in network traffic. The sip inspector extracts the SIP header and message body and passes any data in the SIP message body to the detection engine.
The sip inspector detects anomalies and known vulnerabilities in SIP traffic, including disordered and invalid call sequences.
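The message structure described above (method and Request-URI in a request, status code in a response, SDP in the body) can be seen by splitting a message by hand. The following is an added example, not the inspector's own code: the function names, the two anomaly checks, and the sample messages are assumptions chosen for illustration.

```python
import re

# RFC 3261 start lines: "Method Request-URI SIP-Version" or "SIP-Version Status-Code Reason".
REQUEST_RE = re.compile(r"^([A-Z]+) (\S+) (SIP/\d\.\d)$")
STATUS_RE = re.compile(r"^(SIP/\d\.\d) (\d{3}) (.*)$")

def parse_sip(raw: bytes) -> dict:
    """Split one SIP message into start line, headers, body and anomalies."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line ends the header section")
    lines = head.decode("utf-8", "replace").split("\r\n")
    msg = {"headers": {}, "body": body, "anomalies": []}
    if m := REQUEST_RE.match(lines[0]):
        msg.update(kind="request", method=m[1], uri=m[2])
    elif m := STATUS_RE.match(lines[0]):
        msg.update(kind="response", status=int(m[2]), reason=m[3])
    else:
        raise ValueError(f"invalid start line: {lines[0]!r}")
    for line in lines[1:]:  # folded (continuation) header lines are not handled
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            msg["anomalies"].append(f"malformed header: {line!r}")
            continue
        msg["headers"].setdefault(name.strip().lower(), []).append(value.strip())
    declared = msg["headers"].get("content-length", ["0"])[0]
    if not declared.isdigit() or int(declared) != len(body):
        msg["anomalies"].append("Content-Length does not match body size")
    cseq = msg["headers"].get("cseq", [""])[0].split()
    if msg["kind"] == "request" and cseq[1:2] != [msg["method"]]:
        msg["anomalies"].append("CSeq method differs from request method")
    return msg

def sdp_media(body: bytes) -> list:
    """Return the SDP media descriptions (m= lines) carried in the body."""
    return [ln[2:] for ln in body.decode("utf-8", "replace").splitlines() if ln.startswith("m=")]

# Constructed sample messages (addresses and identifiers are illustrative).
SDP = (b"v=0\r\no=alice 1 1 IN IP4 192.0.2.10\r\ns=-\r\n"
       b"c=IN IP4 192.0.2.10\r\nt=0 0\r\nm=audio 49170 RTP/AVP 0\r\n")
INVITE = (b"INVITE sip:bob@example.com SIP/2.0\r\n"
          b"Call-ID: a84b4c76e66710@192.0.2.10\r\nCSeq: 314159 INVITE\r\n"
          b"Content-Type: application/sdp\r\n"
          b"Content-Length: %d\r\n\r\n" % len(SDP)) + SDP
OK = b"SIP/2.0 200 OK\r\nCSeq: 314159 INVITE\r\nContent-Length: 0\r\n\r\n"
BAD = b"BYE sip:bob@example.com SIP/2.0\r\nCSeq: 2 INVITE\r\nContent-Length: 9\r\n\r\n"
if __name__ == "__main__":
    for raw in (INVITE, OK, BAD):
        print(parse_sip(raw))
```

The constructed `BAD` message yields two anomalies, while the `INVITE` parses cleanly and its body gives up the negotiated audio stream.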